<?php

namespace App\Http\Middleware;

use Closure;

class PermissionCheck
{
    /**
     * Handle an incoming request.
     *
     * @param  \Illuminate\Http\Request  $request
     * @param  \Closure  $next
     * @return mixed
     */
    public function handle($request, Closure $next)
    {
        $user = \Auth::user();
        if($user){
            if(!$user->is_super){
                if(!$user->can(\Route::currentRouteName())){
                    if($request->wantsJson() || $request->ajax()){
                        return response()->json(['error'=>true, 'message'=>'你没有权限执行此操作']);
                    }else{
                        return response()->view('errors.403');
                    }
                }
            }
        }else{
            return response()->view('auth.login');
        }
        return $next($request);
    }
}
